[checkmk-commits] 5486 Add permission for admins to see custom views and dashboards

Module: check_mk Branch: master Commit: 7b27e65c1ea5b9a7da3e00ac46c20160cb14a20a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7b27e65c1ea5b9… Author: Tom Baerwinkel <tb(a)mathias-kettner.de> Date: Fri Jan 5 15:35:30 2018 +0100 5486 Add permission for admins to see custom views and dashboards Previously, admins could only see custom views, dashboards and reports of a user if the owner set the option "Make this view/dashboard/report available for other users". Now admins can see the views, dashboards and reports of all users. This also implies that admins are allowed to edit and clone these views. Change-Id: I4079adc1f960c5355ed4ca8e7d679049bbe7ad59 --- .werks/5486 | 13 +++++++++++++ web/htdocs/default_permissions.py | 7 +++++++ web/htdocs/visuals.py | 37 ++++++++++++++++++++----------------- 3 files changed, 40 insertions(+), 17 deletions(-) diff --git a/.werks/5486 b/.werks/5486 new file mode 100644 index 0000000..3872183 --- /dev/null +++ b/.werks/5486 @@ -0,0 +1,13 @@ +Title: Add permission for admins to see custom views, dashboards and reports +Level: 1 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.5.0i3 +Date: 1515161999 +Class: feature + +Previously, admins could only see custom views, dashboards and reports of a +user if the owner set the option "Make this view/dashboard/report available for +other users". Now admins can see the views, dashboards and reports of all +users. This also implies that admins are allowed to edit and clone these views. diff --git a/web/htdocs/default_permissions.py b/web/htdocs/default_permissions.py index fe89f56..4152535 100644 --- a/web/htdocs/default_permissions.py +++ b/web/htdocs/default_permissions.py @@ -38,6 +38,7 @@ loaded_with_language = False # | Declare general permissions for Multisite | # '----------------------------------------------------------------------' + def load_plugins(force): global loaded_with_language if loaded_with_language == current_language and not force: @@ -166,6 +167,7 @@ def load_plugins(force): loaded_with_language = current_language + # TODO: This has been obsoleted by pagetypes.py def declare_visual_permissions(what, what_plural): config.declare_permission("general.edit_" + what, @@ -188,6 +190,11 @@ def declare_visual_permissions(what, what_plural): _("Make own published %s override builtin %s for all users.") % (what_plural, what_plural), [ "admin" ]) + config.declare_permission("general.edit_foreign_" + what, + _("Edit foreign %s") % what_plural, + _("Allows to edit %s created by other users.") % what_plural, + [ "admin" ]) + config.declare_permission("general.delete_foreign_" + what, _("Delete foreign %s") % what_plural, _("Allows to delete %s created by other users.") % what_plural, diff --git a/web/htdocs/visuals.py b/web/htdocs/visuals.py index 3efbccc..3fbf38e 100644 --- a/web/htdocs/visuals.py +++ b/web/htdocs/visuals.py @@ -268,7 +268,7 @@ def available(what, all_visuals): permprefix = what[:-1] def published_to_user(visual): - if visual["public"] == True: + if visual["public"] is True: return True if type(visual["public"]) == tuple and visual["public"][0] == "contact_groups": @@ -354,17 +354,17 @@ def page_list(what, title, visuals, custom_columns = None, # TODO: We hack in those visuals that already have been moved to pagetypes here if pagetypes.has_page_type("graph_collection"): - html.context_button(_("Graph Collections"), "graph_collections.py", "graph_collection") + html.context_button(_("Graph collections"), "graph_collections.py", "graph_collection") if pagetypes.has_page_type("custom_graph"): - html.context_button(_("Custom Graphs"), "custom_graphs.py", "custom_graph") + html.context_button(_("Custom graphs"), "custom_graphs.py", "custom_graph") if pagetypes.has_page_type("graph_tuning"): - html.context_button(_("Grap tunings"), "graph_tunings.py", "graph_tuning") - html.context_button(_("Bookmark Lists"), "bookmark_lists.py", "bookmark_list") + html.context_button(_("Graph tunings"), "graph_tunings.py", "graph_tuning") + html.context_button(_("Bookmark lists"), "bookmark_lists.py", "bookmark_list") html.end_context_buttons() # Deletion of visuals - delname = html.var("_delete") + delname = html.var("_delete") if delname and html.transaction_valid(): if config.user.may('general.delete_foreign_%s' % what): user_id = html.var('_user_id', config.user.id) @@ -388,23 +388,26 @@ def page_list(what, title, visuals, custom_columns = None, except MKUserError, e: html.user_error(e) - keys_sorted = visuals.keys() - keys_sorted.sort(cmp = lambda a,b: -cmp(a[0],b[0]) or cmp(a[1], b[1])) + keys_sorted = sorted(visuals.keys(), + cmp=lambda a, b: -cmp(a[0], b[0]) or cmp(a[1], b[1])) - custom = [] - builtin = [] + my_visuals, foreign_visuals, builtin_visuals = [], [], [] for (owner, visual_name) in keys_sorted: if owner == "" and not config.user.may("%s.%s" % (what_s, visual_name)): continue # not allowed to see this view visual = visuals[(owner, visual_name)] - if owner == config.user.id or \ - (visual["public"] and owner != '' and config.user_may(owner, "general.publish_" + what)): - custom.append((owner, visual_name, visual)) - elif visual["public"] and owner == "": - builtin.append((owner, visual_name, visual)) - - for title, items in [ (_('Custom'), custom), (_('Builtin'), builtin) ]: + if visual["public"] and owner == "": + builtin_visuals.append((owner, visual_name, visual)) + elif owner == config.user.id: + my_visuals.append((owner, visual_name, visual)) + elif (visual["public"] and owner != '' and config.user_may(owner, "general.publish_%s" % what)) or \ + config.user.may("general.edit_foreign_%s" % what): + foreign_visuals.append((owner, visual_name, visual)) + + for title, items in [(_('Customized'), my_visuals), + (_("Owned by other users"), foreign_visuals), + (_('Builtin'), builtin_visuals)]: html.open_h3() html.write(title) html.close_h3()